Option to decline guest invitation, or leave external organization without accepting permission page for guest
When there is suspected external org invite our users to be the guests, there are only two way to leave.
- fully accept the invitation and choose "leave organization" in the Access Panel.
- contact external organization to delete our users from AAD
However, these two options are both not ideal when it comes to an unknown external organization, and it might potentially expose our users to the attackers.
I hope there could be a way to decline the guest invitation without fully accepting it first, and make the drop down option to switch to external org disappear.
I picture this as an extension of things like linked in where users could get dozens of invites in Teams with no way to remove them other than except and then remove. I'm guessing that the invitation could come back over and over and be another form of Spam.
I absolutely consider this an implementation design flaw. I am unable to remove an organization from my Office apps because sign-in is blocked. Members of our company were invited to an external organization for a project we were collaborating on, but were were never able to login to their organization (probably due to being flagged as risky users, but they never resolved that). Now, months after that project has concluded, we all have the external organization permanently listed in our Teams and other apps and cannot remove it due to not being able to login to that organization. Users should be able to leave organizations they can't sign into, especially since users can't prevent being added by another organization, even ones they don't have any connection to.
Paul Gritton commented
Adding error msg to help people find this. Selected user account does not exist in tenant 'Tenant Name' and cannot access the application 'Tenant ID' in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account.
Paul Gritton commented
You can only leave a tenant that you can still successfully log into.
This is silly.
I would consider this a bug and certainly not sustainable over the long term. If you are not working with them, they will likely disable your access. Now you can't leave without making a formal request to their administration team that may or may not actually work? Not realistic. You're not working with them anymore. Those entries are just going to sit there until Microsoft develops an option for users to remove without authentication. It's only a matter of time before this gets ridiculous.
"Other organizations you belong to
You can leave organizations you no longer work with."